adporn.net A2: Cryptographic failures - SonarQube Video Tutorial | LinkedIn Learning, formerly Lynda.com

LinkedIn and 3rd parties use essential and non-essential cookies to provide, secure, analyze and improve our Services, and to show you relevant ads (including professional and job ads) on and off LinkedIn. Learn more in our Cookie Policy.

Select Accept to consent or Reject to decline non-essential cookies for this use. You can update your choices at any time in your settings.

Start free trial Sign in

From the course: Static Application Security Testing

Unlock the full course today

Join today to access over 24,600 courses taught by industry experts.

A2: Cryptographic failures

A2: Cryptographic failures - SonarQube Tutorial

From the course: Static Application Security Testing

Start my 1-month free trial Buy for my team

A2: Cryptographic failures

“

- [Narrator] The second set of risks in the OWASP top 10 list are cryptographic failures. If an attacker is targeting your application, then chances are the attacker wants access to the data that you've hidden behind login screens and restricted authorized users. If, however, you've left any gaps in your data protection controls, the attacker could potentially steal that data without exploiting injection flaws or broken access controls. As an example, if your application doesn't encrypt data while it's traveling from the end user's client to the server then an attacker could potentially use an adversary in the middle attack to steal that data in transit. If you've got things like passwords or financial account numbers or healthcare data stored in plain text on your servers, then an attacker who finds a way to navigate to those files can steal that data without much effort. And even if you've encrypted data at rest and…

Contents